
Carbon Black Cloud: Why Does the Alert Severity in the Console Not Match the Alert Severity in the SIEM?

Environment

  • Carbon Black Cloud Console: All Versions


Question

Why does the Alert severity in the console not match the severity for the same Alerts sent to the SIEM?


Answer

  • The Alert severity in the console can change as new events are added to the Alert.
  • If the Alert severity changes, the new severity will not be sent to the SIEM.

Additional Notes

  • This is currently as designed. To request a change to this behavior, a feature request can be submitted.
  • This behavior also prevents any new events added to the Alert from being sent once the SIEM has pulled the related events for the first time.
  • This applies when notifications are used to push alerts/events to a SIEM.
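
An added example, not part of the original article or the vendor's code: a Python sketch that reconciles the severity a SIEM stored at notification time with a later console export and lists the alerts whose severity has since changed. The field names `alert_id` and `severity`, the sample records and the triage threshold of 7 are assumptions made for the illustration.

```python
"""Flag alerts whose console severity drifted after the SIEM received them."""

# Constructed sample data. The field names (alert_id, severity) are assumptions
# for this sketch, not the Carbon Black Cloud notification or API schema.
SIEM_RECORDS = [
    {"alert_id": "A-1001", "severity": 3},
    {"alert_id": "A-1002", "severity": 8},
    {"alert_id": "A-1003", "severity": 5},
    {"alert_id": "A-1004", "severity": 6},
]
CONSOLE_EXPORT = [
    {"alert_id": "A-1001", "severity": 8},
    {"alert_id": "A-1002", "severity": 8},
    {"alert_id": "A-1003", "severity": 4},
    {"alert_id": "A-1005", "severity": 9},
]


def find_severity_drift(siem_records, console_alerts, triage_threshold=7):
    """Return alerts whose console severity differs from the one the SIEM holds.

    Alerts that were below triage_threshold when sent but are at or above it
    now come first, because SIEM rules keyed on severity never saw them.
    """
    current = {a["alert_id"]: a["severity"] for a in console_alerts}
    first_sent = {}
    for rec in siem_records:
        # Keep the first record per alert: later severities are never sent.
        first_sent.setdefault(rec["alert_id"], rec["severity"])

    findings = []
    for alert_id, sent in first_sent.items():
        now = current.get(alert_id)
        if now is None or now == sent:
            continue  # not in this export, or no drift
        findings.append({
            "alert_id": alert_id,
            "siem_severity": sent,
            "console_severity": now,
            "crossed_threshold": sent < triage_threshold <= now,
        })
    # Threshold crossings first, then the largest escalation.
    findings.sort(key=lambda f: (not f["crossed_threshold"],
                                 f["siem_severity"] - f["console_severity"]))
    return findings


if __name__ == "__main__":
    for finding in find_severity_drift(SIEM_RECORDS, CONSOLE_EXPORT):
        print(finding)
```
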

Article Information

Creation Date: 09-09-2020